Using DNAMEs for RFC2317-like delegations
Chris Thompson
cet1 at hermes.cam.ac.uk
Wed Jul 30 13:21:09 UTC 2008
On Jul 30 2008, Paul Vixie wrote:
>Chris Thompson <cet1 at hermes.cam.ac.uk> writes:
>
>> That's the conventional advice, of course, but does lead to a proliferation
>> of reverse zones. It seems to me that if one believes that DNAMEs really do
>> work (by virtue of the synthesized CNAMEs), then one ought to be able to use
>> them in an RFC2317-like way in cases like this:
>
>DNAMEs really do work.
>
>> $ORIGIN b.a.in-addr.arpa.
>> @ SOA ...
>> NS ...
>> 0-127 NS (delegation for the /17)
>> 128-191 NS (delegation for the first /18)
>> 192-255 NS (delegation for the second /18)
[...]
>$GENERATE 0-127 $ DNAME $.0-127
>$GENERATE 128-191 $ DNAME $.128-191
>$GENERATE 192-255 $ DNAME $.192-255
[...]
>> and then the delegatees have only three zones
>>
>> 0-127.b.a.in-addr.arpa.
>> 128-191.b.a.in-addr.arpa.
>> 192-255.b.a.in-addr.arpa.
>>
>> to look after, each of which they populate as if they were (incomplete)
>> reverse zones for b.a.in-addr.arpa.
>
>yes.
>
>> This is only a thought experiment: has anyone actually tried to do
>> something like this?
>
>yes.
Example(s) in the public DNS? So that I can point at it/them, and say
"look, it doesn't cause any problems for John Doe's networks: why don't
we start doing it like that?" ?
--
Chris Thompson
Email: cet1 at cam.ac.uk
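Added example, not part of the original post or of BIND: a sketch of the name rewriting that the quoted $GENERATE lines produce, following one PTR query through the DNAME into the delegatee's zone. The parent zone 20.10.in-addr.arpa. is a constructed stand-in for b.a.in-addr.arpa., and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the thread's b.a.in-addr.arpa. (i.e. 10.20.0.0/16).
PARENT = "20.10.in-addr.arpa."
# The three ranges from the quoted $GENERATE lines (one /17 and two /18s).
RANGES = [(0, 127), (128, 191), (192, 255)]


def expand_generate(parent=PARENT, ranges=RANGES):
    """Expand '$GENERATE lo-hi $ DNAME $.lo-hi' into {owner: target}."""
    dnames = {}
    for lo, hi in ranges:
        for n in range(lo, hi + 1):
            # Relative target '$.lo-hi' is completed with the zone origin.
            dnames[f"{n}.{parent}"] = f"{n}.{lo}-{hi}.{parent}"
    return dnames


def follow_dname(qname, dnames):
    """Return (dname_owner, synthesized CNAME target), or None.

    A DNAME redirects only names strictly below its owner, so a query
    for the owner name itself is not rewritten.
    """
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        owner = ".".join(labels[i:]) + "."
        if owner in dnames:
            prefix = ".".join(labels[:i])
            return owner, f"{prefix}.{dnames[owner]}"
    return None


def ptr_lookup_path(ip, dnames):
    """Return (original PTR qname, name the resolver ends up asking for)."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    hit = follow_dname(qname, dnames)
    return qname, (hit[1] if hit else None)


if __name__ == "__main__":
    table = expand_generate()
    for ip in ("10.20.5.9", "10.20.130.1", "10.20.200.5"):
        print(*ptr_lookup_path(ip, table), sep=" -> ")
```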